July 28th, 2008
as the title says, portbunny is a kernel-based port scanner!
but why do we need another port scanner if we have nmap?
portbunny isn't a clone of nmap! it is a plain TCP-SYN scanner (SYN-ACK = open, RST = closed, no answer = filtered), but it uses a different technique to decide how fast it may send: so-called trigger packets, and the scanning engine itself runs inside the Linux kernel instead of in userspace.

here’s a little description i found on the debian site:
“PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs.
Its aim is to provide a reliable and fast TCP-SYN-port-scanner which
performs sophisticated timing based on the use of so called
“trigger”-packets. The port-scan is performed in 2 steps:
First the scanner tries to find packets, to which the target
responds ("triggers"). Second, the actual port-scan is performed.
During the scan, the triggers, which were found in the first scanning-phase,
are used to determine the optimal speed at which the target may be scanned.”
And here’s an example:
hades:~# portbunny www.google.com
Starting PortBunny 1.1
+++ Will scan 1697 ports on 1 hosts. +++
press h for help.
Best triggers for 64.233.183.104:
============================
TCP_SYN 80
============================
+++ Trigger-Phase done. The following hosts are up: +++
64.233.183.104
1 hosts total.
Results for 64.233.183.104
============================
64.233.183.104 80 OPEN http
64.233.183.104 113 CLOSED auth
64.233.183.104 179 CLOSED bgp
64.233.183.104 443 OPEN https
all other ports are FILTERED
1697 ports scanned.
============================
All done
it took 9.52 seconds and the scan was complete!
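the two scan phases from the debian description (find a trigger the host answers, then use the trigger's silence during the scan to tell packet loss from really filtered ports and back off) in a small simulation. this is an added illustration, not PortBunny's code: the target model (a per-round answer budget standing in for a rate limit or congested link), the trigger candidates and the halve-on-loss / add-one-on-success rate rule are assumptions made for the example, not PortBunny's exact algorithm. it runs offline against a constructed target.

```python
"""Simulation of trigger-based scanning, written for this post.

Not PortBunny's code: the target model, trigger candidates and the rate rule
are assumptions chosen to show the idea.
"""
from dataclasses import dataclass, field

SYN_ACK, RST, DROP = "SYN-ACK", "RST", None


@dataclass
class SimTarget:
    """Stand-in for the scanned host (constructed for the example).

    SYN to an open port -> SYN-ACK, to a closed port -> RST, to a filtered
    port -> nothing.  On top of that, everything after `capacity` packets in
    one round is silently dropped, which is how a rate limit or a congested
    link looks from the scanner's side.  The scanner never sees `capacity`.
    """
    open_ports: set
    closed_ports: set
    capacity: int
    sent_this_round: int = field(default=0, init=False)

    def new_round(self):
        self.sent_this_round = 0

    def probe(self, port):
        self.sent_this_round += 1
        if self.sent_this_round > self.capacity:
            return DROP        # lost on the wire, looks exactly like filtered
        if port in self.open_ports:
            return SYN_ACK
        if port in self.closed_ports:
            return RST
        return DROP            # really filtered: never answers


def find_triggers(target, candidates):
    """Phase 1: probe candidates one at a time.  Any port that answers at all
    (SYN-ACK or RST) is a usable trigger, because its silence later on means
    packets are being lost, not filtered."""
    triggers = []
    for port in candidates:
        target.new_round()
        if target.probe(port) is not DROP:
            triggers.append(port)
    return triggers


def scan(target, ports, trigger, start_rate=16, max_rounds=1000):
    """Phase 2: send `rate` probes per round, then the trigger.

    Trigger answered -> the round's silent ports really are FILTERED.
    Trigger lost -> the round overran the target: silent ports are re-queued
    and the rate is halved (AIMD-style rule, an assumption of this example).
    Answered probes are kept either way.
    """
    pending = list(ports)
    results = {}
    rounds = []                # (rate, trigger_answered) per round
    rate = start_rate
    while pending:
        if len(rounds) >= max_rounds:
            raise RuntimeError("target never answers the trigger; giving up")
        batch, pending = pending[:rate], pending[rate:]
        target.new_round()
        replies = {p: target.probe(p) for p in batch}
        trigger_ok = target.probe(trigger) is not DROP
        unanswered = []
        for port, reply in replies.items():
            if reply == SYN_ACK:
                results[port] = "OPEN"
            elif reply == RST:
                results[port] = "CLOSED"
            elif trigger_ok:
                results[port] = "FILTERED"
            else:
                unanswered.append(port)
        pending = unanswered + pending
        rounds.append((rate, trigger_ok))
        rate = max(1, rate // 2) if not trigger_ok else rate + 1
    return results, rounds


def run_demo():
    # Constructed target: three open ports, two closed, the rest filtered,
    # and it only copes with 10 packets per round.
    target = SimTarget(open_ports={22, 80, 443}, closed_ports={113, 179}, capacity=10)
    ports = sorted(set(range(1, 41)) | {80, 113, 179, 443})
    triggers = find_triggers(target, [80, 443, 22, 25, 113])
    results, rounds = scan(target, ports, trigger=triggers[0])
    return triggers, results, rounds


if __name__ == "__main__":
    triggers, results, rounds = run_demo()
    print("Best triggers:", " ".join(f"TCP_SYN {p}" for p in triggers))
    for port, state in sorted(results.items()):
        if state != "FILTERED":
            print(f"{port:>5} {state}")
    print("all other ports are FILTERED")
    lost = sum(1 for _, ok in rounds if not ok)
    print(f"{len(rounds)} rounds, backed off {lost} times, final rate {rounds[-1][0]}")
```

run it and watch the first round: 16 probes overrun the 10-packet budget, the trigger goes unanswered, and the 16 silent ports are retried instead of being reported as filtered, which is exactly what a scanner without triggers would have done. in round 4 the same happens again, but the SYN-ACK from port 22 in that round is kept because an answer is never wrong, only silence is ambiguous.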
where do i get portbunny? —> HERE
wanna get more information?
here is a good presentation
and here is a video presentation from the ccc-congress [24c3] - it's called port scanning improved!
greetz chaos =]